> The request for the code contains a referring url which tells the entity hosting the script who is visiting your pages and which pages they are visiting (this goes for all externally hosted content (fonts, images etc), not just javascript)
This can now be mitigated thanks to Referrer Policy [0]:
"The simplest policy is No Referrer, which specifies that no referrer information is to be sent along with requests made from a particular settings object to any origin. The header will be omitted entirely."
Voilà:
<meta name="referrer" content="no-referrer">
It's a W3C draft, but it's supported by latest FF/Chrome/Safari, and Microsoft Edge [1], although currently, with Edge, you'll want to use the legacy keyword "never" instead. (AFAIK "never" works with all the aforementioned browsers.)
> Google analytics junkies in particular will have to weigh whether they feel their users privacy is more important to them than their ability to analyze their users movements on the site.
There's a nice alternative - Piwik [2]. It's very much like GA, but GPL and self-hosted, and with various options for privacy [3]. You can even use it without cookies, if you don't mind the somewhat reduced accuracy and functionality.
Regarding fonts from Google Fonts, it's super-easy to host them yourself. There's a nice bash script [4] that downloads the font you want in all its formats/weights and generates the proper CSS. There's also the google-webfonts-helper service [5], and Font Squirrel has a webfont generator [6].
This can now be mitigated thanks to Referrer Policy [0]:
"The simplest policy is No Referrer, which specifies that no referrer information is to be sent along with requests made from a particular settings object to any origin. The header will be omitted entirely."
Voilà:
It's a W3C draft, but it's supported by latest FF/Chrome/Safari, and Microsoft Edge [1], although currently, with Edge, you'll want to use the legacy keyword "never" instead. (AFAIK "never" works with all the aforementioned browsers.)> Google analytics junkies in particular will have to weigh whether they feel their users privacy is more important to them than their ability to analyze their users movements on the site.
There's a nice alternative - Piwik [2]. It's very much like GA, but GPL and self-hosted, and with various options for privacy [3]. You can even use it without cookies, if you don't mind the somewhat reduced accuracy and functionality.
Regarding fonts from Google Fonts, it's super-easy to host them yourself. There's a nice bash script [4] that downloads the font you want in all its formats/weights and generates the proper CSS. There's also the google-webfonts-helper service [5], and Font Squirrel has a webfont generator [6].
[0] https://w3c.github.io/webappsec/specs/referrer-policy/
[1] https://msdn.microsoft.com/en-us/library/dn904194%28v=vs.85%...
[2] https://piwik.org/
[3] https://piwik.org/docs/privacy/
[4] https://github.com/neverpanic/google-font-download
[5] https://github.com/majodev/google-webfonts-helper
[6] http://www.fontsquirrel.com/tools/webfont-generator